On Mon, Sep 14, 2020 at 03:13:14PM -0700, Kees Cook wrote:
> On Mon, Sep 14, 2020 at 05:27:42PM +0000, George-Aurelian Popescu wrote:
> > From: George Popescu <georgepope@xxxxxxxxxx>
> >
> > When the kernel is compiled with Clang, UBSAN_BOUNDS inserts a brk after
> > the handler call, preventing it from printing any information processed
> > inside the buffer.
> > For Clang -fsanitize=bounds expands to -fsanitize=array-bounds and
> > -fsanitize=local-bounds, and the latter adds a brk after the handler
> > call
>
> That sounds like a compiler bug?

Actually, in the clang 12 documentation it is written that -fsanitize=bounds
expands to that. GCC doesn't have those two options, only the
-fsanitize=bounds which looks similar to -fsanitize=array-bounds from
clang. So I don't see it as a compiler bug, just a misuse of flags.

> > Signed-off-by: George Popescu <georgepope@xxxxxxxxxx>
> > ---
> >  scripts/Makefile.ubsan | 9 ++++++++-
> >  1 file changed, 8 insertions(+), 1 deletion(-)
> >
> > diff --git a/scripts/Makefile.ubsan b/scripts/Makefile.ubsan
> > index 27348029b2b8..3d15ac346c97 100644
> > --- a/scripts/Makefile.ubsan
> > +++ b/scripts/Makefile.ubsan
> > @@ -4,7 +4,14 @@ ifdef CONFIG_UBSAN_ALIGNMENT
> >  endif
> >
> >  ifdef CONFIG_UBSAN_BOUNDS
> > -      CFLAGS_UBSAN += $(call cc-option, -fsanitize=bounds)
> > +      # For Clang -fsanitize=bounds translates to -fsanitize=array-bounds and
> > +      # -fsanitize=local-bounds; the latter adds a brk right after the
> > +      # handler is called.
> > +      ifdef CONFIG_CC_IS_CLANG
> > +            CFLAGS_UBSAN += $(call cc-option, -fsanitize=array-bounds)
>
> This would mean losing the local-bounds coverage? Isn't that for locally
> defined arrays on the stack?

This would mean losing the local-bounds coverage. I tried to test it
without local-bounds and with a locally defined array on the stack and it
works fine (the handler is called and the error reported). For me it feels
like --array-bounds and --local-bounds are triggered for the same type of
undefined behaviours but they are handling them differently.

> > +      else
> > +            CFLAGS_UBSAN += $(call cc-option, -fsanitize=bounds)
> > +      endif
> >  endif
> >
> >  ifdef CONFIG_UBSAN_MISC
> > --
> > 2.28.0.618.gf4bc123cb7-goog
> >
> >

--
Thanks,
George
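Review bot: the CONFIG_CC_IS_CLANG branch of the CONFIG_UBSAN_BOUNDS hunk unconditionally drops -fsanitize=local-bounds, so under Clang the kernel loses whatever instrumentation local-bounds provides on top of array-bounds, and the new comment only explains the brk symptom, not that coverage is being traded away. Since the hunk's own comment says local-bounds traps right after the handler is called, the trade-off is reporting versus trapping; that should be spelled out in the comment, and it would be worth leaving a way to opt back in, for example a separate Kconfig symbol that adds `-fsanitize=local-bounds` for Clang builds where a trap on a stack-array overflow is acceptable, rather than silently limiting Clang to `-fsanitize=array-bounds`. The GCC side is unchanged in behaviour, so the `else` branch keeping `-fsanitize=bounds` is fine; consider also noting in the commit message that the default coverage now differs between GCC and Clang builds.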